clones/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-10-03 15:56:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
81,750 Commits 494 Branches 1,367 Tags 813 MiB
d8a4b1affb
Commit Graph

653 Commits

Author SHA1 Message Date
Daniel Lowrey
b3b709f1fc Merge branch 'PHP-5.6' 
* PHP-5.6:
  Prevent implicit function declaration when TLSEXT unavailable
 2014-02-25 19:12:49 -07:00
Daniel Lowrey
2bc0dbab44 Prevent implicit function declaration when TLSEXT unavailable 2014-02-25 19:12:33 -07:00
Daniel Lowrey
33914b5166 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Remove test case invalidated by openssl.cafile accessibility change
  Tolerate non-standard newlines when parsing stream CA files
  Remove openssl tests that shouldn't have survived last merge
  Add openssl.cafile ini check when loading cainfo
  Change openssl directives to PHP_INI_PERDIR
  Update openssl tests with new server/client test harness
  Add peer certificate verification on windows
 2014-02-25 13:27:10 -07:00
Daniel Lowrey
bab017ddfd Remove test case invalidated by openssl.cafile accessibility change 2014-02-25 13:02:13 -07:00
Daniel Lowrey
bd95716b8e Merge branch 'windowsPeerVerification' of https://github.com/DaveRandom/php-src into PHP-5.6 
* 'windowsPeerVerification' of https://github.com/DaveRandom/php-src:
  Update openssl tests with new server/client test harness
  Add peer certificate verification on windows
 2014-02-25 12:43:52 -07:00
Daniel Lowrey
f8fe09dcef Tolerate non-standard newlines when parsing stream CA files 2014-02-25 09:59:13 -07:00
Daniel Lowrey
a4c7ab8399 Remove openssl tests that shouldn't have survived last merge 
These are .phpt files I meant to remove with the last batch as
the same functionality is now covered in other tests and these
are no longer needed.
 2014-02-25 09:59:13 -07:00
Daniel Lowrey
47b5873c5d Change openssl directives to PHP_INI_PERDIR 
Because openssl.cafile and openssl.capath have implications for
security these directives have been changed to PHP_INI_PERDIR
(previously PHP_INI_ALL)
 2014-02-25 09:59:13 -07:00
Chris Wright
d6fb7b8f2e Update openssl tests with new server/client test harness 2014-02-25 16:51:50 +00:00
Chris Wright
480e4f8541 Add peer certificate verification on windows 
Peer certificate verification on Windows using the native certificate store and the Windows API
 2014-02-25 16:51:49 +00:00
Anatol Belski
38d02db86d Merge branch 'PHP-5.6' 
* PHP-5.6:
  fix linkage
  More openssl UPGRADING updates
  Fix build against older OpenSSL libs
  Update NEWS/UPGRADING with openssl additions
 2014-02-21 23:14:48 +01:00
Anatol Belski
5b6ef90bc0 fix linkage 
"extern inline" looks like tricky case for portability, but extern
is required with VS. So reduce the case to a starndard one to avoid
unporbatibily.
 2014-02-21 23:09:16 +01:00
Daniel Lowrey
a27db7d2da Fix build against older OpenSSL libs 2014-02-21 13:01:04 -07:00
Daniel Lowrey
c3d76441d5 Fix build against older OpenSSL libs 2014-02-21 12:16:23 -07:00
Daniel Lowrey
1268bd6045 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Mitigate client-initiated SSL renegotiation DoS
 2014-02-21 09:15:53 -07:00
Daniel Lowrey
5389d0963c Merge branch 'reneg-limit' of https://github.com/rdlowrey/php-src into PHP-5.6 
* 'reneg-limit' of https://github.com/rdlowrey/php-src:
  Mitigate client-initiated SSL renegotiation DoS
 2014-02-21 09:13:55 -07:00
Daniel Lowrey
b6edbd5897 Mitigate client-initiated SSL renegotiation DoS 2014-02-21 06:31:56 -07:00
Anatol Belski
04a10be9db Merge branch 'PHP-5.6' 
* PHP-5.6:
  C89 compat
 2014-02-21 11:24:18 +01:00
Anatol Belski
f51555ca58 C89 compat 2014-02-21 11:23:42 +01:00
Daniel Lowrey
86d9235de5 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Improve OpenSSL compile flag compatibility, minor updates
  Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests
  Improve server forward secrecy, refactor client SNI
  Add 'honor_cipher_order' server context option
  Add 'capture_session_meta' context option
  Disable TLS compression by default in both clients and servers
  Release ssl buffers
  Add openssl_get_cert_locations() function
  Explicitly set cert verify depth if not specified
  Strengthen default cipher list
 2014-02-20 17:46:54 -07:00
Daniel Lowrey
9f94e0b51c Improve OpenSSL compile flag compatibility, minor updates 2014-02-20 17:23:34 -07:00
Daniel Lowrey
3a9829af20 Use crypto method flags; add tlsv1.0 wrapper; add wrapper tests 2014-02-20 17:10:06 -07:00
Daniel Lowrey
d0c9207cff Improve server forward secrecy, refactor client SNI 2014-02-20 17:10:06 -07:00
Daniel Lowrey
742fc5fb35 Add 'honor_cipher_order' server context option 2014-02-20 17:10:06 -07:00
Daniel Lowrey
081c8e9d92 Add 'capture_session_meta' context option 2014-02-20 17:10:06 -07:00
Daniel Lowrey
b98b093d73 Disable TLS compression by default in both clients and servers 2014-02-20 17:10:06 -07:00
Daniel Lowrey
b9ba011c0f Release ssl buffers 2014-02-20 17:10:06 -07:00
Daniel Lowrey
df6bfe3be2 Add openssl_get_cert_locations() function 2014-02-20 17:10:06 -07:00
Daniel Lowrey
258d04df5c Explicitly set cert verify depth if not specified 2014-02-20 17:10:06 -07:00
Daniel Lowrey
225f534b1a Strengthen default cipher list 2014-02-20 17:10:06 -07:00
Daniel Lowrey
af318419ad Merge branch 'PHP-5.6' 
* PHP-5.6:
  Add tests for Bug #65538
  Fix Bug #65538 (cafile now supports stream wrappers)
 2014-02-19 04:19:30 -07:00
Daniel Lowrey
e272225e2a Merge branch 'bug-65538' of https://github.com/rdlowrey/php-src into PHP-5.6 
* 'bug-65538' of https://github.com/rdlowrey/php-src:
  Add tests for Bug #65538
  Fix Bug #65538 (cafile now supports stream wrappers)
 2014-02-19 04:17:33 -07:00
Daniel Lowrey
4c1baa8263 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Skip failing tests when EC unavailable (RHEL)
 2014-02-19 04:03:16 -07:00
Daniel Lowrey
d9036d14f7 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Skip failing tests when EC unavailable (RHEL)
 2014-02-19 04:01:57 -07:00
Daniel Lowrey
a7d3606650 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Skip failing tests when EC unavailable (RHEL)

Conflicts:
	ext/openssl/openssl.c
 2014-02-19 04:01:08 -07:00
Daniel Lowrey
633f898f15 Skip failing tests when EC unavailable (RHEL) 2014-02-19 03:57:37 -07:00
Daniel Lowrey
491d492ada Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed broken build when EC unavailable
 2014-02-17 19:39:43 -05:00
Daniel Lowrey
4e4d319e62 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed broken build when EC unavailable
 2014-02-17 19:38:49 -05:00
Daniel Lowrey
bd9aa181dc Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed broken build when EC unavailable
 2014-02-17 19:38:30 -05:00
Daniel Lowrey
a80cec1190 Fixed broken build when EC unavailable 2014-02-17 18:55:39 -05:00
Daniel Lowrey
2a83295b14 Add tests for Bug #65538 2014-02-16 09:20:43 -07:00
Daniel Lowrey
c7220dc6c5 Fix Bug #65538 (cafile now supports stream wrappers) 2014-02-16 08:47:37 -07:00
Daniel Lowrey
1b4af87af4 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix for bug66501 - "key type not supported in this PHP build"
 2014-02-14 18:24:04 -07:00
Daniel Lowrey
b60cb2b88a Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fix for bug66501 - "key type not supported in this PHP build"
 2014-02-14 18:20:01 -07:00
Daniel Lowrey
65adb74984 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fix for bug66501 - "key type not supported in this PHP build"
 2014-02-14 18:15:24 -07:00
mk-j
19524fc6fe Fix for bug66501 - "key type not supported in this PHP build" 2014-02-14 18:11:46 -07:00
Daniel Lowrey
89292d95ad Add missing TSRMLS_CC 2014-02-14 17:27:29 -07:00
Daniel Lowrey
8562b8c163 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Bug #47030 (separate host and peer verification)
 2014-02-14 15:40:36 -07:00
Daniel Lowrey
ce8dc0ede2 Bug #47030 (separate host and peer verification) 2014-02-14 15:17:30 -07:00
Daniel Lowrey
a5551b73db Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fix test broken if openssl is compiled without sslv2
 2014-02-14 13:39:53 -07:00
Daniel Lowrey
f073588e75 Fix test broken if openssl is compiled without sslv2 2014-02-14 13:39:02 -07:00
Daniel Lowrey
4921c1f0ce Fix segfault accessing context when no context assigned 
Conflicts:
	ext/openssl/xp_ssl.c
 2014-02-14 10:33:43 -07:00
Daniel Lowrey
8582353700 Fix segfault accessing context when no context assigned 2014-02-14 10:24:08 -07:00
Daniel Lowrey
6c1cdd0814 Merge branch 'PHP-5.6' 
* PHP-5.6:
  Fixed SNI failure from missing Z_STRVAL_PP
 2014-02-04 19:13:50 -07:00
Daniel Lowrey
99fa59054d Fixed SNI failure from missing Z_STRVAL_PP 2014-02-04 19:11:56 -07:00
Daniel Lowrey
0893a13e32 Remove #if PHP_VERSION_ID version checks 2014-02-01 08:13:53 -07:00
Daniel Lowrey
05c309f2d8 Remove #if PHP_VERSION_ID version checks 2014-02-01 08:01:13 -07:00
Daniel Lowrey
58293fb533 Use master-agnostic zend_is_true checks 2014-01-31 14:18:31 -07:00
Daniel Lowrey
43432c12f1 Fixed build breakage from b4b4d9697f 2014-01-29 17:57:59 -07:00
Daniel Lowrey
b4b4d9697f Verify peers by default in client socket operations 2014-01-28 10:05:56 -07:00
Daniel Lowrey
68883318aa Prevent invalid SAN peer verification on null byte prefix attack 2014-01-27 14:51:22 -07:00
Xinchen Hui
0f53e37494 Merge branch 'PHP-5.6' 2014-01-03 11:09:07 +08:00
Xinchen Hui
c081ce628f Bump year 2014-01-03 11:08:10 +08:00
Xinchen Hui
47c9027772 Bump year 2014-01-03 11:06:16 +08:00
Xinchen Hui
c0d060f5c0 Bump year 2014-01-03 11:04:26 +08:00
Kalle Sommer Nielsen
d14670ccdb Eliminate another TSRMLS_FETCH() in i_zend_is_true() 
# Affected extensions have all been updated, ext/opcache and ext/zip
# both have macros for cross version compatibility
 2013-12-18 07:25:05 +01:00
Anatol Belski
39a2dcdeac Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  Fixed bug #65486 mysqli_poll() is broken on Win x64
 2013-12-12 10:46:21 +01:00
Anatol Belski
da62fd5ed8 Fixed bug #65486 mysqli_poll() is broken on Win x64 
While this issue is visible in mysqli_poll() functions, the cause
lays deeper in the stream to socket casting API. On Win x64 the
SOCKET datatype is a 64 or 32 bit unsigned, while on Linux/Unix-like
it's 32 bit signed integer. The game of casting 32 bit var to/from
64 bit pointer back and forth is the best way to break it.

Further more, while socket and file descriptors are always integers
on Linux, those are different things using different APIs on Windows.
Even though using integer instead of SOCKET might work on Windows, this
issue might need to be revamped more carefully later. By this time
this patch is tested well with phpt and apps and shows no regressions,
neither in mysqli_poll() nor in any other parts.
 2013-12-12 10:17:01 +01:00
Anatol Belski
e9efc16660 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:33:37 +01:00
Anatol Belski
b6bcae5c10 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:33:16 +01:00
Anatol Belski
ff89066b3d Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  fix dir separator in cve-2013-6420 test
 2013-12-11 13:32:49 +01:00
Anatol Belski
6f739318fd fix dir separator in cve-2013-6420 test 2013-12-11 13:31:29 +01:00
Stanislav Malyshev
293984ac33 Merge branch 'PHP-5.5' into PHP-5.6 
* PHP-5.5:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
 2013-12-10 11:36:06 -08:00
Stanislav Malyshev
41cd533298 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse
 2013-12-10 11:35:26 -08:00
Stanislav Malyshev
71daf3229b Merge branch 'PHP-5.3' into PHP-5.4 
* PHP-5.3:
  5.3.29-dev
  Fix CVE-2013-6420 - memory corruption in openssl_x509_parse

Conflicts:
	configure.in
	main/php_version.h
 2013-12-10 11:34:35 -08:00
Stanislav Malyshev
c1224573c7 Fix CVE-2013-6420 - memory corruption in openssl_x509_parse 2013-12-10 11:03:49 -08:00
Michael Wallner
c86862cb3c Merge branch 'openssl_compile_warning_fix' of https://github.com/bukka/php-src 
* 'openssl_compile_warning_fix' of https://github.com/bukka/php-src:
  Fix compiler warnings in openssl.c
 2013-10-18 12:03:02 +02:00
Michael Wallner
b95f9fa0aa previous revert killed that file 2013-10-17 15:32:18 +02:00
Michael Wallner
3f2fba4c34 Merge branch 'updated_tls_support' of https://github.com/rdlowrey/php-src 
* 'updated_tls_support' of https://github.com/rdlowrey/php-src:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 15:27:15 +02:00
Michael Wallner
dd3a4c303b Merge branch 'PHP-5.5' 
* PHP-5.5:
  Revert "TLS news"
  Revert "Added support for TLSv1.1 and TLSv1.2"
 2013-10-17 15:22:07 +02:00
Michael Wallner
8aaecef524 Revert "Added support for TLSv1.1 and TLSv1.2" 
This reverts commit 2aaa3d538a.
 2013-10-17 15:20:38 +02:00
Michael Wallner
ad0a85b9e2 fix ws 2013-10-17 15:09:28 +02:00
Michael Wallner
5a7ca69e56 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Added support for TLSv1.1 and TLSv1.2

Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:53:50 +02:00
Daniel Lowrey
2aaa3d538a Added support for TLSv1.1 and TLSv1.2 
Conflicts:
	ext/openssl/xp_ssl.c
 2013-10-17 14:49:44 +02:00
Jakub Zelenka
c092d286fc Fix compiler warnings in openssl.c 2013-10-13 15:52:39 +01:00
Daniel Lowrey
9d57243794 Fixes broken zts build (recent openssl changes) 2013-10-12 22:28:15 +02:00
Michael Wallner
e2d123a720 C89 2013-10-09 17:16:25 +02:00
Michael Wallner
c85c50e35c Merge branch 'san_peer_matching' of https://github.com/rdlowrey/php-src 
* 'san_peer_matching' of https://github.com/rdlowrey/php-src:
  Changed return types to zend_bool, renamed test
  Added SAN matching during peer verification
 2013-10-09 17:09:03 +02:00
Daniel Lowrey
a40dd6e963 Changed return types to zend_bool, renamed test 2013-10-09 09:55:36 -04:00
Michael Wallner
302b9d4e5c Merge branch 'PHP-5.5' 
* PHP-5.5:
  C89 compatibility
 2013-10-09 12:30:51 +02:00
Michael Wallner
3b3c57e79e Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  C89 compatibility
 2013-10-09 12:30:42 +02:00
Michael Wallner
22700890d4 C89 compatibility 2013-10-09 12:30:31 +02:00
Michael Wallner
29d5ff75d5 Merge branch 'PHP-5.5' 
* PHP-5.5:
  Fixed segfault when built with OpenSSL >= 1.0.1
  fixing a minor typo in CODING_STANDARDS document
  FIX BUG #65219 - Typo correction
  FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
 2013-10-09 09:18:29 +02:00
Michael Wallner
36fb4ed968 Merge branch 'PHP-5.4' into PHP-5.5 
* PHP-5.4:
  Fixed segfault when built with OpenSSL >= 1.0.1
  fixing a minor typo in CODING_STANDARDS document
  FIX BUG #65219 - Typo correction
  FIX BUG #65219 - USE DB not being sent for FreeTDS version < 0.92 FreeTDS <0.92 does not support DBSETLDBNAME option and therefore will not work with SQL Azure. Fallback to dbuse command in letter versions.
 2013-10-09 09:17:48 +02:00
Daniel Lowrey
b026993a74 Fixed segfault when built with OpenSSL >= 1.0.1 
(PR #481)
 2013-10-09 09:17:25 +02:00
Daniel Lowrey
2ddefbd2b3 Added support for TLSv1.1 and TLSv1.2 2013-10-08 14:09:17 -04:00
Daniel Lowrey
1970b96443 Added SAN matching during peer verification 2013-10-08 12:37:44 -04:00
Michael Wallner
ea0578e223 Merge branch 'ssl-streams-crypto-method' of https://github.com/mj/php-src 
* 'ssl-streams-crypto-method' of https://github.com/mj/php-src:
  Add unit test that covers setting the crypto method.
  Streams for ssl:// transports can now be configured to use a specific crypto method (SSLv3, SSLv2 etc.) by calling
 2013-10-08 16:10:00 +02:00
Michael Wallner
8300ced2f7 Merge branch 'bug65729' of https://github.com/datibbaw/php-src 
* 'bug65729' of https://github.com/datibbaw/php-src:
  DNS name comparison is now case insensitive.
  Use zend_bool as return value for _match()
  Added two more test cases for CN matching.
  yay, reduced one variable
  Fixed bug that would lead to out of bounds memory access
  added better wildcard matching for CN
 2013-10-08 15:58:28 +02:00
datibbaw
6106896440 DNS name comparison is now case insensitive. 2013-10-08 10:07:54 +08:00